For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jdanowit's avatar
jdanowit
Icon for Nimbostratus rankNimbostratus
Nov 09, 2018

Enable CORS support

We are trying to enable CORS support so that certain headers and their values get sent through the F5 unmolested. We've tried different versions of "persist" and set headers and inserted headers, bu...
application delivery
devops
iRules
LTM
Andy_McGrath's avatar
Andy_McGrath
Icon for Cumulonimbus rankCumulonimbus
Nov 10, 2018

Under normal traffic flow F5 LTM will not remove any headers unless configured to do so. For CORS you shouldn't need to do anything on the F5 really as long as your backend server configuration is correct.

 

However, I would say CORS can be difficult to get right so I would confirm that the backend server configuraiton is correct before anything else, test directly bypassing the F5.

 

Then set the F5 to do no HTTP header manipulation and test see what error messages you are getting on the client and server if things are not working. From that hopefully you can work out if the issue is client or server side.

 

Check out for a really good explination of how HTTP flow works for CORS: MDN Web Docs: Cross-Origin Resource Sharing (CORS)